Today I received email notifications from the firewall stating that there had been two failed login attempts to WebAdmin.I have never seen this previously, other than when I have screwed up and entered the wrong password myself.
There is a single entry in the firewall rules that allows TCP 4444 access to WebAdmin login page from the Internal Network. No other rules include this service port.A check of the reported IP address that attempted the login gives a location of Morocco, which I am pretty sure is not included in my internal network.
Can anyone explain how someone outside my internal network could access my WebAdmin login page?
UTM Release 9.705-3
Thank you for contacting the Sophos Community!
What do you have under Management >> WebAdmin Settings >> General >> Allowed Networks?
This setting will basically open the…
If I understand you correctly Emmanuel, if a network is included in Management >> WebAdmin Settings >> General >> Allowed Networks this will override the firewall rules.If I am honest, that seems quite counter intuitive.
That said, if that is the cause of my problem (ANY was included here) then it is a simple fix.
This is "standard" in WebAdmin, BigO. You will want to consult #2 in Rulz (last updated 2019-04-17) for other places such a phenomenon exists.
Cheers - Bob